With Version 6.2 of its Federated Identity Manager, IBM brings multiple identities into a centralized system.
IBM is pushing interoperability as a
solution to enterprise identity management and authentication woes.
In Version 6.2 of IBM Tivoli Federated
Identity Manager, the company has integrated a number of user-focused identity
management technologies and frameworks, including OpenID, Microsoft Windows
CardSpace and the Eclipse Higgins identity framework.
In addition, the software now supports a wide range of user and application
credentials such as RACF (Resource Access Control Facility) PassTicket,
Kerberos, SAML (Security Assertion Markup Language), Web Services-Security and
platform-specific credentials used by Microsoft .Net, IBM
WebSphere, SAP NetWeaver, Oracle and CA.
The idea, IBM officials said, is to bring
multiple identities into one central, federated identity management system that
supports both legacy and newer user-centered frameworks.
"We now make it much easier for someone to deploy our federated
identity access manager with other access management products that are in the
marketplace, and that only just makes it easier for a customer to go ahead and
deploy that into their environment," said Joe Anthony, program director
for security and compliance management with IBM
is one of the leaders in the identity and access management market
of revenue. According to IDC analyst Sally
Hudson, the company has both the technological expertise and the resources
necessary to pull off this concept for customers.
Hudson explained that a
federated ID environment requires companies sell the idea internally and then
externally to partners and contractors, reassuring all involved that this
will not reduce security and raise risk. Afterward, organizations must
evaluate their architectures and the different points of interaction and
integration. Standards such as WS and SAML make this easier, but there is
always some system that doesn't fit quite into the box, she said.
"Federated identity is not for the faint-hearted," Hudson
said. "It is getting easier, [as can be seen by] recent announcements by IBM,
Ping, etc., but it requires a lot of up-front planning
and detailed integration work."
IBM is also targeting SOA
(service-oriented architecture) with this release by including a built-in SOA
Identity Service to enable users to validate, manage and audit identities
across a variety of formats and vendors' applications to help maintain identity
"When you think about a SOA environment, where [there are] ... multiple
administrative IDs, one problem we were seeing, particularly in portal
environments, is that customers would set up an administrative ID on a portal
and use [that ID] to go get information off of the back end," Anthony
said. "You run into an audit problem when you do that because you don't
have the context of which users were requesting the information.
"With our federated Identity manager ... you can also make sure that
identity context flows through that entire SOA architecture and you capture all
the needed, relevant identity context with the transaction, and you don't lose
The new IBM
Tivoli Federated Identity Manager will be generally available worldwide in